albelli and Photobox Group have merged to create a leading player in the online European Photo Product and Gifting market. Together we now serve a pan-European customer base of over 7 million customers, supported by our 1,150 colleagues across the United Kingdom, the Netherlands, France, Spain, Germany, Norway and Sweden. We are focussed on inspiring our customers to easily make beautiful photo products and bring their special moments to life.
Technology is at the core of the albelli - Photobox Group and technology powers our commercial and production operations across Europe. Our technology platforms enable our customers to transform photographs into the most thoughtful gifts. We understand these aren’t just photos, they’re treasured moments.
That’s why every part of the experience, from website to factory to front door, is designed to delight. To secure these treasured moments, albelli - Photobox Group is now seeking to appoint a Security Engineer. For this role we’re looking for a strong technical security engineer with responsibilities across the albelli - Photobox Group of operating companies in the UK, Netherlands, Norway, France, Spain & Germany.
You will work with passion driven teams where there is never a dull moment. We are open minded and welcome new ideas and we want to hear your great ideas. We challenge ourselves and others in the team to come up with the best solution and safeguard the organisation in the ever-changing security landscape.
Key Areas of Responsibility:
- Identify and drive security initiatives including cloud and on-premise infrastructure
- Implement tooling to assist in the detection, prevention and analysis of security threats and vulnerabilities with shift-left approach as part of DevSecOps initiatives
- Execute red team scenarios to highlight gaps impacting organisations' security postures
- Perform penetration testing for networks, applications, mobile apps, APIs and thick clients
- Improve security awareness across the organisation and work as a partner with the teams.
- Work with teams to prioritise and timely implement remediations for vulnerabilities.
- Help manage and coordinate cyber security incidents and drive incident response capabilities
- Perform digital forensics and malware analysis in event of breaches or incidents
- Maintaining a current view of the cyber threat, and being able to advise on the threat landscape and attacks which may be relevant.
- Integrating security in our way of working within the organisation
Relevant Technical Skills:
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Information Technology, Engineering or a related major.
- 6+ years of related work experience;
- Any of the following certifications OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN, CISSP, Cloud security (AWS preferred)
- Cloud Security experience (e.g. AWS Guard Duty, Control Tower, Security Hub)
- Understanding of CI/CD pipelines and development lifecycle tools such as Jenkins, Github, Gitlab, CloudFormation, Jfrog and other related
- Knowledge of Windows, Linux, Unix, and any other major operating systems.
- Familiarity with the latest exploits, tactics, techniques and procedures (TTP), vulnerability remediation and security trends in Cloud implementations.
- Deep understanding of TCP/IP network protocols.
- Deep understanding and experience with various Active Directory and internal network attack techniques.
- Experience with EDR solutions
- Knowledge of and hands-on experience with vulnerability management solutions such as Rapid 7, Tenable, Qualys, Metasploit, etc.
- An understanding of application vulnerabilities (OWASP Top 10)
- Experience in security data lake creation and security analytics
Relevant Soft Skills:
- Develop and maintain working relationships with 3rd party solution and service providers and Internal teams
- Strong Stakeholder management
- Excellent verbal and written English
- Agile mindset and way of working
- Strong social skills
- A fast-growing e-commerce environment
- An international company hosting over 50 nationalities
- Competitive compensation, relocation support, and lots of benefits (such as a discounted gym membership)
- Budget for personal growth and development, including external training, courses, and conferences
- 26 days of annual leave with a healthy work-life balance
- A flexible hybrid work set up with a minimum of 2 days per month in the office and everything you need for a proper work from home setup
- An informal, fun, proactive, and inclusive culture with a social atmosphere (Friday drinks, parties, sports, etc.) to be resumed properly post COVID-19!
- A central location in one of Europe’s most vibrant cities, Barcelona!
We are working in a hybrid environment and this role is based in our Barcelona office, situated in a WeWork by Plaça de les Glòries Catalanes, a hub for technology and innovation. Within walking distance of public transport, the beach and shopping centres, the office has great facilities (coffee, tea, showers, bike parking, social events and more) with a modern working atmosphere. There are approx. 10 people in the office, who work across all areas of the business, with a focus on analytics, marketing, and technology.